Condition key and operator information

Prev Next

Available in Classic and VPC

Describes the items related to Condition settings provided by NAVER Cloud Platform.

Condition key/value

  • Condition key/value: Property information to be applied to the policy. Permission checks are performed by comparing the "key:value" set in the condition key with the "key:value" of the properties where the policy is performed.
Type Condition key Details Value input Value information path Data type
Principal properties ncp:principalName User name of the action performer. User name. Services > Management & Governance > Sub Account > Sub Accounts > Sub account details. String
ncp:principalId Login ID of the action performer. Login ID. Services > Management & Governance > Sub Account > Sub Accounts > Sub account details. String
ncp:principaluuid ID no of the action performer. ID Services > Management & Governance > Sub Account > Sub Accounts > Sub account details. String
ncp:principalType Type of the action performer. Enter the corresponding value from the following:
  • If the performer is a sub account, enter IamUser.
  • If the performer is a role, enter IamRole.
 String
ncp:sourceIdentityId Each role's target resource if the principalType is IamRole.
  • AccountRole: Role transitioned user's Sub Account ID.
  • SSO Role: Role transitioned user's SSO user ID.
  • Service Role: Role assigned service's resource information.
  • AccountRole: Services > Management & Governance > Sub Account > Sub Accounts > Sub account details > ID.
  • SSO Role: Services > Management & Governance > Ncloud Single Sign-On > External IdP Login > Users > User details > ID.
  • Service Role_Data Flow: Services > Management & Governance > Resource Manager > Service role connected Data Flow resource's NRN.
  • Service Role_Datafence: Services > Management & Governance > Resource Manager > Service role connected Datafence resource's NRN.
  • Service Role_External Access: Services > Management & Governance > Sub Account > External Access > Subject Activity details > Performer.
String
ncp:sourceIdentityType Each role's user type if the principalType is IamRole. Enter the corresponding value from the following:
  • If AccountRole, enter IamUser.
  • If SSO Role, enter FederatedUser.
  • If Server Role, enter Server.
  • If Service Role, enter NcloudService.
 String
Resource properties ncp : resourceTag Used to allow or deny user actions on resources with specific tags when performing actions where resource specification is available. key:value String
ncp : requestTag A tag that controls whether a tag is required and which types of tags can be assigned when performing tag-assignment actions.
 key:value String

Condition operators

  • Operator: A string condition used to check the "key:value" set in the condition key during permission checks.
Type Description Note
StringEquals String matches exactly (case-sensitive)
  • If the multiple values are included or if 1 of the specified values matches, true.
StringNotEquals String mismatches (case-sensitive)
  • If multiple values are included, nor if all specified values do not match, true.
StringLike String matches similarly (case-sensitive)
  • * True if a string partially matches, including (multiple wildcard).
  • If the multiple values are included or if 1 of the specified values matches, true.
StringNotLike
  • Matches similarly (case-sensitive)
  • * True if a string partially matches, including (multiple wildcard).
  • If multiple values are included, nor if all specified values do not match, true.
Type Description Note
~IfExists Check the condition only if the key exists followed by the operator.
  • If it does not exist, true.